-----BEGIN PGP SIGNED MESSAGE-----
. . . what permissions scheme *does* it use?
each tool has a "role" account (a sort of special user account that isn't
allowed to log in). each developer is a member of the role and can 'su' to it.
the tool runs under the role account, not under the individual developer's
there's also a seperate "project" for each tool, which allows us to do more
granular resource limits than ulimit would allow.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (HP-UX)
-----END PGP SIGNATURE-----